This course, taught by former NERC CIP auditors, will address cyber security solutions and methods to help secure the power grid and meet the NERC Critical Infrastructure Protection standard requirements. Combined, our instructors have nearly 20 years of utility cyber security experience. That knowledge, along with a keen understanding of what is needed to demonstrate compliance, has been distilled into this one day course.
Cyber security is constantly evolving. Consequently, the regulatory landscape needs to keep up with these changing tides in order to assure that there is a consistent and adequate measure of security discipline being applied to the power grid. Discovering ways to efficiently and effectively apply good security practice and meet regulatory obligations at the same time is not easy. This training program is designed to arm the attendees with the tools and knowledge necessary to build a security program that will help your organization achieve that goal.Register Now!
Who Should Attend?
This course is for IT, security, compliance professionals and operations staff working at an electric utility seeking to find ways to meet their compliance obligations, reduce their regulatory documentation burden and improve their security posture. It is also for those not in the industry and have an interest in learning more about electric sector cybersecurity regulations.
- Unit 1: Terminology 101
- Unit 2: What Are We Trying to Protect? (CIP-002)
- Unit 3: Security Perimeters – Logical and Physical (CIP-005 and CIP-006)
- Unit 4: Consolodating Efforts to Save Time and Money (CIP-003, CIP-005 R4, CIP-007 R1, R2 & R8, CIP-008 and CIP-009)
- Unit 5: Inventory for Success; Hardware, Software, People (CIP-002,004, 005 & 007)
- Unit 6: Policies, Procedures and Processes (CIP-002 through 009)
- Unit 7: Technical Feasibility Exceptions
- Unit 8: Useful Open Source Security Tools (CIP-005 & 007)
- Unit 9: Compliance and Security Crystal Ball
What Others Are Saying
Very informative. You guys really know your stuff!
Great presentations. The group exercise was well done.
Lots of information and great discussion.
I appreciate the flexibility of schedule in favor of yielding to audience participation. To me, this demonstrated excellent command of event organization.
Meet Your Instructors
Patrick Miller – CISA, CRISC, CISSP-ISSAP, SSCP, CEH, NSA-IAM | EnergySec
Patrick Miller is a security executive who has dedicated his career to the protection and defense of the nation’s critical energy infrastructure. He is the founder of EnergySec, and currently its President and CEO. This nonprofit information sharing organization began as a few colleagues meeting for lunch and has grown into a nationwide effort to promote sound security principles in the energy industry.
One of his strengths is the diversity of his professional experience. In Energy, he has held positions with a utility, a regulator, and a private consulting firm. He has also held key positions in the Insurance, Internet and Telecommunications sectors.Among other credentials he holds the CISA, CRISC and CISSP certifications.Patrick is an active member of several critical infrastructure security working groups anda sought after speaker and industry expert on the subjects of critical infrastructure protection, process control system security, regulatory compliance, audit, and privacy.
Steven Parker – CISSP, CISA | EnergySec
Steven Parker, CISA, CISSP, is the Vice President of Technology Research and Projects with the Energy Sector Security Consortium (EnergySec). He was part of the grassroots effort that led to the formation of EnergySec, and has served on its Board of Directors since 2008.
Steven’s experience includes more than a decade of full-time security work at critical infrastructure organizations including the Western Electricity Coordinating Council, PacifiCorp, and US Bank. He has contributed to a broad range of security projects covering areas such as e-commerce, identity management, intrusion detection, forensics, and security event monitoring.
Josh Axelrod – CISSP, CISA | AlertEnterprise
Josh Axelrod is a retired United States Naval Submarine Officer with over ten years experience in nuclear power generation, electrical distribution, mechanical systems, as well as the industrial control systems associated with operation, supervision and security. He brings with him extensive auditing experience with regards to infrastructure security, operations, nuclear reactor safety, and regulatory compliance with Department of Defense, Environmental Protection Agency, Occupational Safety and Health Administration, and Code of Federal Regulations directives and standards. For fifteen months Josh was with the Western Electricity Coordinating Council serving as the Critical Infrastructure Protection Audits and Investigations Team. In this role he championed strong, transparent and consistent audit approaches regarding the NERC CIP regulatory standards. Josh has conducted audits of 38 NERC registered entities spanning the WECC, SPP RE, MRO, and SERC regions and encompassing all three versions and 43 requirements of the NERC CIP Standards. Josh graduated Cum Laude from Oregon State University receiving a Bachelor of Science in Nuclear Engineering, with minors in Mathematics and Naval Science and he holds the Certified Information Systems Auditor (CISA) certification and Certified Information System Security Professional (CISSP). Joining AlertEnterprise in mid-January of 2011, Josh is the Director of Professional Services and the domain expert for NERC CIP as well as a domain expert for NEI 08-09.